Want to reduce fraud? Make a better password, dummy! – TechCrunch

Business, Startups

Researchers at Indiana University have confirmed that stringent password policies – aside from being really annoying – actually work. The research, led by Ph.D. student Jacob Abbott, IU CIO Daniel Calarco, and professor L. Jean Camp. They published their findings in a paper entitled “Factors Influencing Password Reuse: A Case Study.”

“Our paper shows that passphrase requirements such as a 15-character minimum length deter the vast majority of IU users (99.98 percent) from reusing passwords or passphrases on other sites,” said Abbott. “Other universities with fewer password requirements had reuse rates potentially as high as 40 percent.”

To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to a university’s domain, passwords were compiled and compared against a university’s official password policy.

The findings were clear: Stringent password rules significantly lower a university’s risk of personal data breaches.

In short, requiring longer passwords and creating a truly stringent password policy reduced fraud and password reuse by almost 99%. Further, the researchers found that preventing users from adding their name or username inside passwords it’s also pretty helpful. Ultimately, having a stringent password policy is far better than have none at all. It’s a no-brainer but it could be an important data point for your next tech project.

Source

Articles You May Like

The tiny $129 Echo Sub is a huge audio upgrade – TechCrunch
International growth, primarily in China, fuels the VC market today – TechCrunch
iPhone XS Max vs. Galaxy Note 9 camera shootout
Half of all iOS devices now run iOS 12 – TechCrunch
Jeff Bezos is just fine taking the Pentagon’s $10B JEDI cloud contract – TechCrunch

Leave a Reply